OCTOBER 18, 2021
The Kind of Phish You Don't Want to Catch
I remember as a child sitting on a dock at the lake with my grandfather casting out a line hoping to pull in a big fish. I’d get so excited when even a tiny one would nip at the line. Those are some memories I’ll probably never forget.
Let's talk about a fishing trip you definitely don’t want to go on. You’ve probably heard of major companies being hacked through something called “phishing”. Having a strong, unique password for your accounts is just half the battle. The other half is being vigilant about who you give that password to. This is where phishing comes in. Phishing is a technique that hackers use to trick people into giving up their passwords. They do this by creating cleverly designed emails and websites that at first glance appear to be authentic.
For example, this morning I received an email that appeared to be from my web hosting company alerting me that I needed to update my password due to my password supposedly expiring soon. If I hadn’t taken the time to look at the email more closely and if I were heavily distracted with work, I might have just clicked the link. And that would have been a very bad idea.
Email and text messages are often the way phishing attacks take place. Be especially vigilant about any email that asks you to change your password, log in to an account, or provide personal information such as PIN numbers or social security numbers.
A few common things to look for in phishing attacks:
- Misspelled words or bad grammar. (This is often a dead giveaway.)
- Don't click! Hover your mouse over a link in the email without clicking it. You can then see the address the link actually points to. It will often be obvious that the hacker is using a site other than the real one. (Or they may register a domain that looks similar to the legitimate company's.)
- Don’t be fooled by the “from” address of the email. It is incredibly easy to spoof the sender’s name and email address when sending emails.
If in doubt, you can always go directly to the company’s web site. For example, with the email I got this morning, I could simply have gone directly to my web hosting company’s web site, bypassing the email altogether, if I had even the slightest thought it was legitimate.
Think you can spot a phishing email? You’d be surprised how creative hackers can be. Major corporations have fallen victim to phishing scams because someone probably believed an email they received was legitimate. Google has put together a great online quiz to test your ability to spot phishing emails. Take a moment to test your skill!
Phishing is one of the more common ways that entire networks and companies become compromised. All it takes is one password or account credential landing in the hands of a nefarious actor. Coupled with unique, strong passwords and two-factor authentication, knowing how to spot phishing can help protect your most important data from landing in the wrong hands. You may want to consider providing training to all your staff on how to spot these types of hacking attempts.
I recommend reading an excellent article on phishing from the folks at Sophos that provides more details on phishing and how you can protect yourself.
The information provided here is for informational purposes only and is provided as-is. Please note that I am not a security expert. I recommend reaching out to security experts to make sure that the security and recovery protocols for your company are sound and effective. The content here carries no guarantee or promise to the validity or content or any performance claims. Links to third parties and references to third parties do not indicate endorsement or agreement to those parties by 18 Street Design, its owners or affiliates.